From 09f02e550750dfcfb355355095e3cc4a1a7a0236 Mon Sep 17 00:00:00 2001
From: Gyu-Ho Lee <gyuhox@gmail.com>
Date: Thu, 5 Oct 2017 21:30:30 +0000
Subject: [PATCH 1/4] fixtures: add 'localhost' to wildcard cert for local
 cluster

Otherwise, local cluster tests fail.
---
 integration/fixtures/ca.crt                   |  31 +++++------
 integration/fixtures/revoke.crl               | Bin 522 -> 519 bytes
 .../fixtures/server-ca-csr-wildcard.json      |   5 +-
 integration/fixtures/server-revoked.crt       |  32 +++++------
 .../fixtures/server-revoked.key.insecure      |  50 +++++++++---------
 integration/fixtures/server-wildcard.crt      |  33 ++++++------
 .../fixtures/server-wildcard.key.insecure     |  50 +++++++++---------
 integration/fixtures/server.crt               |  32 +++++------
 integration/fixtures/server.key.insecure      |  50 +++++++++---------
 integration/fixtures/server2.crt              |  32 +++++------
 integration/fixtures/server2.key.insecure     |  50 +++++++++---------
 11 files changed, 185 insertions(+), 180 deletions(-)

diff --git a/integration/fixtures/ca.crt b/integration/fixtures/ca.crt
index 799a3bf0dfe..69eac6cea42 100644
--- a/integration/fixtures/ca.crt
+++ b/integration/fixtures/ca.crt
@@ -1,22 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIIDrjCCApagAwIBAgIUD/nWsq3FfCKbMoY0HPFWnT0vEsMwDQYJKoZIhvcNAQEL
+MIID0jCCArqgAwIBAgIUGMTka1d/PO3J5ui12qLiCKjR1rMwDQYJKoZIhvcNAQEL
 BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
 Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjUzMDBaFw0yNzA5MjcwNjUz
+Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEwMDUyMTU5MDBaFw0yNzEwMDMyMTU5
 MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
 ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC8JbBTGtxAi7QPiix8bQJ+UmusPaaAtwOlcdz24FzLpIIp1tGqDZSVIG/N
-Ewt3Uujau4G5GO32mIJ52f1dhZHu5RU4Rhu707lKHM7sgQZTtMQUJuJ7YGcfmi77
-SexBJvfNBAZScpZVbBDBzhLCDfjA89HwcGqjcxweSY6pXeHvwOVzwoZAoYJfw8vN
-3hNnIHzMoraRlYdAetxGmA3/r3f3l3NfiIE1vZI3g0CAlTkY8ZaqT8Oo6ZIbFBYO
-FIm1eCcNVdf6ZSzQOueKdIB+SFRNcnzdJYQpyWo1wuVTEZkNwp8jdpRK0xy2FBG3
-cTUac0mtvhfc8k1llp+Gk7uesr3fAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAN
-BgkqhkiG9w0BAQsFAAOCAQEAb98aC0nym9vd6udUiECJKdgeed/PY3lczppk4MUV
-tmH+5kDk84ES+lRb4n+OcxswE8E2xi9/vuGujC9vrUOFF3mlDG/ekwH3SoA0yuYC
-+aBPd1MAZNhNie4B5rSBWNhwUo4OjhW9ohfiZA6C/TRk3pQBT9bB0DiFkv3uatbs
-odoUOT7jK7vh/Jz7fYI1bHbRr3iym8aH00wo8774ZVQJkMO3HPqm/92CBZo3/vuK
-WngWzUucGmZcalA/bPUofmSe0LaX1qhLUl6FG5hFByyufob8qRd5aiCgwrp2IILR
-gNpiE4OF0AaP9cWysSOld+vT9BzFIlKX1fS0Zn38a+00yg==
+AoIBAQC/oSHQqlc05uZYMHHxkkF/eTM4uh7Z/6TSjChMfnNk+5rZJzwSkLeL47Am
+kmcGnB9xo4tKkiDjq6MbHwgK2YpgdF5rRSC89BYBWPVvSMxMWV4Pvx/q3mdUjh7N
+tb9udJxG6c3rgI+2t2zcx1+qFGeKw0JSHKpcI6UKNm7E/xY0lqJ0ptHruBgFQaqy
+VdqVa5QkyF2imnFEdgakO2EuQR3vVAr5sM552LLnngNsfsxLStxXWDJZ/+34k2ON
+jJy5KEQ1KgYmVwi8843yQRDkvAjZ4Z1LzbcQQ83/6oT3kAfsOjy8bdsxMZBWSA53
+W9LuKUOk6WLRY0S3vUjzdw8To15RAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjAS
+BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSt4lqZZ20BpzYG8GSym10Intbr
+EzAfBgNVHSMEGDAWgBSt4lqZZ20BpzYG8GSym10IntbrEzANBgkqhkiG9w0BAQsF
+AAOCAQEAA6TqqLkPdI6zuda71LL68myXbN2qdxzs7HK8jkGPM2cU6Ii0G66TvesM
+gf1k3VddbvF8mPCyhdLYRArQeDLxKDLq/efosOj/NiLtepXea6Ib7XEo2AKCe21S
+SpBAZ2Szx8mGa7IY3ISfxkY0PpGhe2G0Rf0kOX5SYhQ/4TdAoe2pr8jFX6b7Kbdl
+yBxq9nDYjSCA7fC5Yr3Pup7Uu9fh1TJr+62DMBeeQN1XFZ0hEdu5sk4jkNq3ijC7
+/vpDyzRduUGpbp8Jy4HzoyWrCmp+KEznEWNmXb/HoPHKBlAz0ovjzU+jnFYi9tVN
+WODbdeGuXqBBmdAGaWBEowVP8ZhdQg==
 -----END CERTIFICATE-----
diff --git a/integration/fixtures/revoke.crl b/integration/fixtures/revoke.crl
index 6348f0f03cd8416e8b76944aa4d50de71f0ef3f5..0e73dfca582597e1f4d0d9b2a64bdcc60ca53e46 100644
GIT binary patch
delta 398
zcmeBTX=h<KXkubEXnZq~tEJx1z`)eV$iUdtC`z2y(A?0#&<M&kP&ZIz5=s5fvtsS$
z1x~7Q%WL$OU$vXvvSklMAza@AWdlV6c{b)yS!EUp1F;5?wU44^rspy)H)H#dvT1fK
z$GmH=g$;PwIJMe5+P?ELGIFyrFgGzWGL)REs8^JVJYwn0ZSt$dU$$N9>11}sm~D4u
zWas-iuKyLi(DvB19;av1Gv!@oKJeb>pHMJK!e%n3v+py-shlRO9Pald%vjpIx~3|)
zC^U3gzTPzEtdiE{w`9|@&v+h*jC-Ly`DcdiQs4DittJ9{*|$dNxrtp~r1QXU!<ii(
zXShxUy_iyWo>3`IasT#;YNk#xW$9+F)se9hTR+}avC8QS-?;17er}GZ%NMcA^Zw0b
zdm<dntv^Tm{yp<3$NA2&@=FgaKfFK3`TdMd&o<Y+{~XN!TG5Ytb?=eh1;^i}HyJPf
p9u*zc%i>|}t2O=d1N#*w(^a2aK3UN4`OAgZ(Ocslnq7Ug4FJAOqU-<w

delta 401
zcmZo?>0;qBXkubBXnfDa$T*R`rQX2O$kM>f)WX;xN}Siw+|a<l49Yc7H&A5~vCNCx
zvcf*CCYo!;+py0XdTBhd&p`^2^es>}P&ANdV-A&7W|1%uYY-8?_Q-QLyV3IO11dci
zKlSvr-aO1{z{|#|)#lOmotKf3o0WmNiII_E9>=PB*=+)8WqVt<g$cRL{CQt4(@yNc
z_RR~$tu|MLBy~Stqj%sZudmg<)Vb~*U+vczpH9lZB`&6)aG$+fEBd`_(Y#5|xBOj|
zTQ~jt(T@02OWFR`cb#M7ciwo$i|z6=f9bnxgid?&C3;TN+rA*O-78T1TEKzwEYBdO
z&VLWpHftFr@2e9O_}{L1cWaL+?}j_kJSPsUkKo(zB8=T{OY#)fC8s=}XkJ$_;0V6y
zD{@z8j`xLBEu$Cf*j`A=^TvM6N?>u3h<>nCav9gj(hEWEbstSuAIvp5BYX3~)s=M#
ryVt4IPFnEc$I0p&DyN(uwryy-#2wsvL^kz9W*^(p$E{)P%!1_rFw&ze

diff --git a/integration/fixtures/server-ca-csr-wildcard.json b/integration/fixtures/server-ca-csr-wildcard.json
index 53ee8699fb3..43e35ae6e4f 100644
--- a/integration/fixtures/server-ca-csr-wildcard.json
+++ b/integration/fixtures/server-ca-csr-wildcard.json
@@ -14,6 +14,9 @@
   ],
   "CN": "example.com",
   "hosts": [
-    "*.etcd.local"
+    "*.etcd.local",
+    "etcd.local",
+    "127.0.0.1",
+    "localhost"
   ]
 }
diff --git a/integration/fixtures/server-revoked.crt b/integration/fixtures/server-revoked.crt
index 173dc187915..de1c04a7323 100644
--- a/integration/fixtures/server-revoked.crt
+++ b/integration/fixtures/server-revoked.crt
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEEjCCAvqgAwIBAgIUOW5etKg/ZnxbCpjtVvMoLmYMXecwDQYJKoZIhvcNAQEL
+MIIEEjCCAvqgAwIBAgIUZf8MqK2zoEIlXqd8LqfVPpuEtLwwDQYJKoZIhvcNAQEL
 BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
 Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
+Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEwMDUyMTU5MDBaFw0yNzEwMDMyMTU5
 MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
 ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDJb+66dOfF2/Q1Ppz825+uGxVpDIGHaP+H/EKgDELZZ+ev
-0bUbsH9E28p+Ih87eV+hfu68kOgOZ7fLplN3uaSpG716sd/5ny32T/m/JS0hnZdR
-bD1nvRPqxFPy1G1xM+JWeFRDbJQJ18t1Bt/KB3p+TRdo2aEaQgC2wrsTjv84MEbp
-WJyI3uxmUaEStoPDskQyjI4Z5SKHHQqIuRzpo5KHMf9OqFRAm+pbe4aMsUBHOAH4
-YsHr/gGrZUSIdGScBnosncUl6Ec9rEBe4cRf7ruyid+pwJOhCeXekSCcQjyqG2cV
-xPWShUuCGhFstu6dkMprRplzwy7WXqCdqMk9ZVkBAgMBAAGjgZwwgZkwDgYDVR0P
+A4IBDwAwggEKAoIBAQDkEmWpIDyq0O9uDB01+RPFGleylCCocnY/Im6iXZnkBuFz
+DctlIJvfrUgzil2tB6OsmghyWLCpRVWwcK9MLAkRnychjPIDdSYJGFEqmuUP3uZG
+BcFRlm8JGkJIIO9vGBQpW5u900FzYwT4LmjK38V+zR6qFTQknCNwOx0PTC//w/30
+s7yV5u28ojgrfVEJjHgFJ/u9vTPhZbeyqW5N2Azglvxbgz97PZwr/mxclH6xTDdy
+U0o0px0c4eO5EZasUbssFF/+NHeIHh0nN2BCZYzk7CoC+CxMACYq4oCDsu1esTQN
+WZmgcMSEyIq+JEHtTGsA27Mjbje/68D3P9OC+wrHAgMBAAGjgZwwgZkwDgYDVR0P
 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-Af8EAjAAMB0GA1UdDgQWBBSpFTakSu4EauEYmUFasPJu6CWbITAfBgNVHSMEGDAW
-gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
-AAEwDQYJKoZIhvcNAQELBQADggEBAENi+GFd6an867Jrgsgd5kbGkKOl0Mcr00H8
-OQGuy5Zuy4lpLwHQ5YHaowsmxt+KOkpEG6raFmOMJh5Q3fY//nAFhtmikOuggw45
-jQWT0uguB2NzdQfyo3BTLlwRbKVkfmoSDVtNPMYUR3AD6jhLVEoY/gDwCJHsm5/9
-mPK0bgzTjnNRXfr0+cBmeOSpOvTtgvRhQMEvpbh0DAv71MSYY/XSWVng75QMRSf0
-DuvuBAKmjfFw8rMcz0WkkN/QcMG3olxRyZt6gl7o6hlttO261+gfLY77s+YLYKr5
-Sf9WAHWcnrgmfyUXHoVx1YA5HoDBKUuX0bI6ufCnqn9JMIPDSGs=
+Af8EAjAAMB0GA1UdDgQWBBQMKqvDurICoX7YuJNGzb5OBVyCMzAfBgNVHSMEGDAW
+gBSt4lqZZ20BpzYG8GSym10IntbrEzAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
+AAEwDQYJKoZIhvcNAQELBQADggEBALCw2nC7yt53qxN8w45aA3rmHWqxYoogf75n
+eub6gG2T5Nl4ab8UeK8i3U4oY1+8MZgV9WP6o9Vq9XSbF5tsLzPmid/61aU6Us35
+zI8J0/RtYCibCAcVKmNwmfhoUqMTERhSL4dcloU9n/45anZgQXqNCHXJk8+I6nAY
+ZLEJ2aGFhvNypPTYrr4BvHx+LnrUzPWcd7JwXGLXGJtDEF45HIMLgduof+azDp/X
+HJHVra4ChMbyJHiiC9nCJruGAtF2aJuwqrGG7KnPifDLPBsplE3zvDA6dtEPvGui
+l/IE15sZ++GqTgf4fn2CNJ0PK/xYCtcBejodus88SJviaEftEB0=
 -----END CERTIFICATE-----
diff --git a/integration/fixtures/server-revoked.key.insecure b/integration/fixtures/server-revoked.key.insecure
index 8a783edc101..9b47fd9c741 100644
--- a/integration/fixtures/server-revoked.key.insecure
+++ b/integration/fixtures/server-revoked.key.insecure
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyW/uunTnxdv0NT6c/NufrhsVaQyBh2j/h/xCoAxC2Wfnr9G1
-G7B/RNvKfiIfO3lfoX7uvJDoDme3y6ZTd7mkqRu9erHf+Z8t9k/5vyUtIZ2XUWw9
-Z70T6sRT8tRtcTPiVnhUQ2yUCdfLdQbfygd6fk0XaNmhGkIAtsK7E47/ODBG6Vic
-iN7sZlGhEraDw7JEMoyOGeUihx0KiLkc6aOShzH/TqhUQJvqW3uGjLFARzgB+GLB
-6/4Bq2VEiHRknAZ6LJ3FJehHPaxAXuHEX+67sonfqcCToQnl3pEgnEI8qhtnFcT1
-koVLghoRbLbunZDKa0aZc8Mu1l6gnajJPWVZAQIDAQABAoIBABamUFiE1p7HyaDH
-Bo3kAANqpjCmqFXad4kJ00/9sPKTHVkGom+Xm+fZMt6V5Z8hWaBmDmADhyQ/g0oR
-zKbUp/Af32FRaNa/kEJ24aUdgAKcnqwYGJt2hivKoYnXWur0o4mHhCoEpmyo6Aaj
-nDwyNRLIhk5S0iuKqlvib3iWhpoBmEnDE+0ydoBn1QHiiziFsGaAEi48CcXMpCHt
-WDXXtCHndd8qb1PJ4ertDg+9lCyx1QGLM2ckfK1NoAx3VyAHFfz8dbDL8L3fTBP1
-QTPTD4NcjShUHadKPc8K20jp21BWPLCMKUPoR2jPZmAyrN8Ka+IuWmlM2qsozO87
-65/+GvUCgYEAy9H10i1v7GZ043T546Dt8beB+Gb/fiUOxZ1lpY1tvsFURqryHTAV
-M7jhkgCe/YAQvm9pPz9ku88IxQIGNn9/URXFYyJgdTptaP0F5YOb+INYi+0TogCs
-k28JGjnqEou7YyYwt2ehvcJuKq8Ue2dmsGq3lzdMEd/qWFn1U6f2cGsCgYEA/QHM
-sG51KNLcufGLrErlFbasfB6Vdi8ui4+YdJMRYr3+hhIj1nqvTNLJcgkdEWcYwLm1
-NpTXHdjyQCfseYT79M2HK/MBzxncJXgdoMb71LakZzIWc0Mx9oDg2BVj3TKBVIpZ
-/XqiIIXNElqE6yT1Os+INr2Vyi0wOR3W3Uk5B0MCgYEAva3RtR1v8XKQCTXNcFdN
-2QtMOx2vW3elPaby95Scs0873OAtnZgnwxCla7iEPao26uLH8YJPfrB3ms/9dC5H
-D/DQ1ycg2Tfcpj4ChMtsFWQ2vVGOWc+Cy1okAHIxMb00UFs0LxqUXQJagAKbbxSV
-bkyCOonNkzzs2/gr5QSExa0CgYEAwhZ2UsZ5pBaWcyJkNojB0nVvPkwr9hzdxPwk
-RRFpHemIbotN6MP25KUzGgL5xJblOzt7U2K8303FEQhPdS1aJ4LfdgyWT6yT4D6T
-4/mhyJ1P40ZeSI+8rVBSrBFEqbSL2DHGNRi1dOOP3MuJ+eVBJpt78Bph5VXjD33f
-jaQVVocCgYA5L4p7EBuJ7/3IGk6lwIsxmB2SIsnQ+wQuZfirMHBm9zDiBHxPd5is
-P5uPUVlponNDbtawPOmgP/IpfEQSQc+RC24R8GjAKzwkdoLcw2DubOKg842AI2+z
-tWSWXcXQzLJo9L+tJ/70C/8yeBfYry6LmLBnCptY3r0FiaTndbOoGA==
+MIIEpQIBAAKCAQEA5BJlqSA8qtDvbgwdNfkTxRpXspQgqHJ2PyJuol2Z5Abhcw3L
+ZSCb361IM4pdrQejrJoIcliwqUVVsHCvTCwJEZ8nIYzyA3UmCRhRKprlD97mRgXB
+UZZvCRpCSCDvbxgUKVubvdNBc2ME+C5oyt/Ffs0eqhU0JJwjcDsdD0wv/8P99LO8
+lebtvKI4K31RCYx4BSf7vb0z4WW3sqluTdgM4Jb8W4M/ez2cK/5sXJR+sUw3clNK
+NKcdHOHjuRGWrFG7LBRf/jR3iB4dJzdgQmWM5OwqAvgsTAAmKuKAg7LtXrE0DVmZ
+oHDEhMiKviRB7UxrANuzI243v+vA9z/TgvsKxwIDAQABAoIBABjg/N/3GUcU5Zle
+ju0tT3/HwNtFF07otYdrjR//D+N08LDpR0+vv/ElaOPeaxuN4sfYQaWfkR3V52QI
+1sZ7Yz3d25noUxoXdF+3nFsGbIhPq1TmGdF5lIEssSBHH3dB7CkayiFp4xDgM1GT
+VnES+es8GuU4zOhVc/QxLplVmULP/LL2CkAWPWFkUKwy2+k0ihZY+3NTeY3zwXgg
+uYfi2gxpijfPTi8zB4hpsmS/c0UqUBwaUAlap0CwjVxLWBwqKHyCLXjL4rJovafl
+ZtlELpr8LJFuw3Cty6+VxTniLT1wlCFwyxQUOHa1xvnJKr6VYtKG3OSDdNAbKQ03
+b6w0xKECgYEA78ejDfBP1K4up02CPaYiDtZK+OGTzjHnoXQk3hn/Mm4bD4GbWjFa
+vugdcAspV56jR0wSBsp50Fx6z43w2M7zsfAPkp4tACaRcHCUsQc2bhNWniUW1p2Z
+Xr/hHJyjJNY1aiYsXLY8Y/+gFKsNAmd5G3kc5F+qQ0CnCaa6EVs4f7ECgYEA84AC
+NS1uy7jFWg+Fi8bOTt4KGiknd8D9+3aNYnPJ4yzZlFqoMPigoHso+BOeEpqSHiY9
+ZBWtp3GqSnXxo1kBxKv4abgSOiwtmVFdcEpdtnb1fsZOToDqVDTGIf1/5cRmGotv
+rmYX/yhL0PAr9nHyV7vSvQaSq39yy/+vA7waB/cCgYEAlbL55bXm4U1t6x3E9mBG
+WyUG4aNT+CPIDVDJw7BPV1jOpDuylfjCQvX/ivgs83sjTVv81SiMLL3QHszrVTC/
+jJPn5Q3D4pgxrRVcf7mVDdwc89cMDymNm04IaSiR4mmqJ391qtxLj9MESmMQWDPp
+tHFEzH+9eQdgQfJJsJRXDcECgYEAuMFB65NjY9P4ehMY4yufUhwLUjozphubGnej
+YzYz0tku5e+7ehzL07hfJ4vK/palk5a0MgJ41nnaGdFP3P8l5lINlDmEKvtmRdSE
+rzTd0hqEvwI8XDhYlDfOte+gYXgZeL6fqJXyUzoB/LCeysk+de8fQSmBk/qJ4dtI
+se7BWZUCgYEAvRn3UqhEVq6gZgJ48LKtCPAVdDH9I2gXf0ywa8ezRcuKSsCexKOH
+gM8/MuL6KeKZMj9X01fySx9KFGIAN7GQ6bm4kZLIAQCLVhBkG8YV6t0i44oVQbSz
+qTapBzKVPyuJPVE79adX+pOgQjIfnljFlrO7JCQ+XCfKGuU9MhJfuMU=
 -----END RSA PRIVATE KEY-----
diff --git a/integration/fixtures/server-wildcard.crt b/integration/fixtures/server-wildcard.crt
index d924294c4e8..02025950b05 100644
--- a/integration/fixtures/server-wildcard.crt
+++ b/integration/fixtures/server-wildcard.crt
@@ -1,24 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIUNDzcFXOAhXxTYih49LOUFsErYIgwDQYJKoZIhvcNAQEL
+MIIELDCCAxSgAwIBAgIUGtkVdLvghfSjGwEVSothEo9W2mcwDQYJKoZIhvcNAQEL
 BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
 Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
+Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEwMDUyMTU5MDBaFw0yNzEwMDMyMTU5
 MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
 ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDCE0C//qA88O5ivLTvjUO4RDJHfHAB8nanCxxz4Bu8Cucg
-PnRpFetzI7YqO3jQadTDXOjYDp/frfB6ifQRS22Ggc98IWQ4V06B893wgac48tkF
-m8tocD+wZ+eYoHN+1LU7JERTsKGwNtSm6G/KQp1d2r4ISg8GoB5KmHrOIHmKFbQH
-7cLiB+pARKk52+JRrKHfezGr5PjNzdgUml7fcKQWoBfl4pdgIcfWIRhggscGytk2
-BTO5qLJU/6jQNnLlyypMabv7vh22pbUWNdoK2KJRKqMzIYbPkLjDTVF+BgB6Nr5M
-znPPTDaXuRsoRVPDghnVfur2ckLo26+4fzTwdYHLAgMBAAGjgZkwgZYwDgYDVR0P
+A4IBDwAwggEKAoIBAQCzMQzTgoljoR19y2EQIUZhVBBtej6d0/lYHc+yI0EmW75K
+GMcubDdFOY/g6ceg5t+MJkWpvJJ5h2l7SVV3UTDHtxJyyQcJcJ7FBQ9QqwrrK+4X
+U1m2WsB6qqzd5x/wNRqncq9Ql6PnMgtem1FaZYR5K5HievT3+24vbWFAWtbOZ1Io
+InZJ0Supba2SGlt7iToJ+5/jd+x5adx5ncSx/pxKHSbTFcvDosssWNzDyDZ0btO4
+QcQE5ARBnpdJA7O3PwFlDRF6JL7OK5r4hMai/S9xa3FFMWFL7lxvX+oZeSqZHL7I
+NarrksOf9wWchLP5Jnf3zk2xYH+ZkMUFOx/l+CrdAgMBAAGjgbYwgbMwDgYDVR0P
 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-Af8EAjAAMB0GA1UdDgQWBBTRXWxQWNLQVwbMn5/MDsMJw17jWDAfBgNVHSMEGDAW
-gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAXBgNVHREEEDAOggwqLmV0Y2QubG9jYWww
-DQYJKoZIhvcNAQELBQADggEBAA5Z/HhcTnERJn08LXKjSzvhC1YL3yBlCF1vccXz
-XshuMNF5VmpfMAwNIRhlH8x1aQyLoB56UGpF+Y91N/aqkTsjxmsrW8eJzGSIbC2n
-ZE9IXqv4DdB3jWHMOr9v+5eXXdp/i2HcWBxqoUVT82NsObl/a7yQiVeKLdGdS2MJ
-UQ5amLVgIgB2ADI3myESaBA5yPEFuFPDCEznKCFr/+iN23oYvjhFEuDpI4kNGuGu
-No1ukQr5s+mmbkoKhHymc8ri/93H+lRCDOfN3IZJrejpI5Z3JtQplCVph+naF1oM
-zSc2sGUYYStqciJJhw/270nTwhQ9LgNDmTSCvU8bX4rx/z4=
+Af8EAjAAMB0GA1UdDgQWBBQtBXmweuHsV5N700wHGmlma5a65TAfBgNVHSMEGDAW
+gBSt4lqZZ20BpzYG8GSym10IntbrEzA0BgNVHREELTArggwqLmV0Y2QubG9jYWyC
+CmV0Y2QubG9jYWyCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
+W7cyId33I5NtntbF7gAWlB426D2miq1dGbSbxLhbt4n4yQ8va7KbBK7Oi0MAVLMf
+HImCXnY+TEP3jxFbQuzPhd/ghxi5xwuiPt/+sqebiiXHr8KhCFiBKx7CAHQsXKjx
+vADeofmoiAA6a9HUJbDfcJYz0mUoPZPcN4emCMv9PNOOybxjRqDL2HeZWwHedPth
+kfJkOHM0NXwb+XyRY3uZHdRC5VkBBmI7H/Jo0kGYB3T7YlREfGAkPd9Iop9pfitY
+FfYVu2hcxQCmGYtLNC4csP8C/nL/0o/2pIz4ldFNsYqH1swRnZQ7A+xwo7oFhvfK
+RchIgJR6qcPHkR7oloYDxA==
 -----END CERTIFICATE-----
diff --git a/integration/fixtures/server-wildcard.key.insecure b/integration/fixtures/server-wildcard.key.insecure
index 61f6c144e06..58205e59e4c 100644
--- a/integration/fixtures/server-wildcard.key.insecure
+++ b/integration/fixtures/server-wildcard.key.insecure
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAwhNAv/6gPPDuYry0741DuEQyR3xwAfJ2pwscc+AbvArnID50
-aRXrcyO2Kjt40GnUw1zo2A6f363weon0EUtthoHPfCFkOFdOgfPd8IGnOPLZBZvL
-aHA/sGfnmKBzftS1OyREU7ChsDbUpuhvykKdXdq+CEoPBqAeSph6ziB5ihW0B+3C
-4gfqQESpOdviUayh33sxq+T4zc3YFJpe33CkFqAX5eKXYCHH1iEYYILHBsrZNgUz
-uaiyVP+o0DZy5csqTGm7+74dtqW1FjXaCtiiUSqjMyGGz5C4w01RfgYAeja+TM5z
-z0w2l7kbKEVTw4IZ1X7q9nJC6NuvuH808HWBywIDAQABAoIBAEar7iM8HKu0bIqF
-/zlQbr2WD90aQktjOLPhhu3nSRIzwjBqrcdqlP+rnHVKjNcQAstVdPDgenVgiLaG
-r9rwZaTadmzUWANwP4VxAXvIKtXBEShKsEqKvZaGb76ThxtDZ+9uaHc1VduuS8ev
-0q2LjnST6ClqlogqHH27gtS23KtcUzjFpZS2060+yOPof7xvTe0/qY6vHHqhdTTr
-SnkUNfMs0sdhobUv2nAqIKdLV3DnUn3z5FbJqluUXIaxPnGghjUmWXl+NQNg6iwV
-DX9tINTt4DsWnPWpC38x+4razj5NxOmdVouFyHHBW2NiZFkszds3hO2YBM1DTqUS
-2b9RI5ECgYEA0W7s5YcqtzILR3SrlCGzqfeDrUv8YkVAq7Yuneb8O/jvCh85GbPU
-RTeUTbQlh2D8znVtb5wwwA10NCUjBowUwy0LSGqz0uOwi/kQ9skIxNp9VEDlihw+
-WUbt3seLA6mGd+u/ZVH0jb6rXgc5du7lxmTCPQ6WO9XNkYES6IAjpEkCgYEA7Toi
-mOmrFuK7Xs1bxmqYXikmCA4/VeftCtUI6TQcaarRi+FpK7s9TkV3guI2wJKroCI3
-F1aycy7rJnUDpHF+n8k8YDH92rA5cVw6KfQhianhT6pSeGw+nLaHjybfz0Rj0jvV
-WrTcpIIlRbVGQ2gjNPx2hezIo8LDKKDafQJDDXMCgYApTcQgvFibSp5Y2FSiYUcq
-pSrt+Ydr5haMBuEIuS5TsZOLHn9HZ2TcxcpUzMt9+I3DNfuAQICIz950DkLrHqNV
-nsOT459VXxxJbrR+x0UYdbKz9ByQ8WMGfmuZPSdYcI2Zhv/3PoOJlOn9IFWf9BuS
-1fpMylysrkzdfmQ5QFRHKQKBgD+uoIT+DVCqcvQjGqTsDpUQZMY61OPBy89hmu/H
-bm0rTu9HBo2XyQBPA6MeCOavOOVW6gUY3/StvrBnLyAg24YXZl7IbMYdEn6M7IxA
-nhQvh210YokzPaeiFEfofqJMUKOqLj8YWDbNPSY2YHNN7E2YDFUtWDsl2G/6pkxy
-o/9jAoGAYEPMOLHdj5KnZvk7Dk0g0rfe6b35FBnWsHlkXegbMvRWWxbzO/drpJen
-GQKEFBb7bVkUDNzDudyZLZ6UJfrZe8Gl80YKND2qC14fct2nqF4LaY5W06RqZeMf
-VaPxzmsk0iElzD+fTYTaEEpUgBebV1Hr+lX6MFK8euSUYQKxkfg=
+MIIEpQIBAAKCAQEAszEM04KJY6EdfcthECFGYVQQbXo+ndP5WB3PsiNBJlu+ShjH
+Lmw3RTmP4OnHoObfjCZFqbySeYdpe0lVd1Ewx7cScskHCXCexQUPUKsK6yvuF1NZ
+tlrAeqqs3ecf8DUap3KvUJej5zILXptRWmWEeSuR4nr09/tuL21hQFrWzmdSKCJ2
+SdErqW2tkhpbe4k6Cfuf43fseWnceZ3Esf6cSh0m0xXLw6LLLFjcw8g2dG7TuEHE
+BOQEQZ6XSQOztz8BZQ0ReiS+ziua+ITGov0vcWtxRTFhS+5cb1/qGXkqmRy+yDWq
+65LDn/cFnISz+SZ3985NsWB/mZDFBTsf5fgq3QIDAQABAoIBAQChJKMcMm/LIMCc
+t6D6GHJqZGbBjQVyeYXqMCTvVbTpAegGSnIU1Ux+/FzfLl1P3U97gY90LRisIZJC
+RJiPTHxJneEBSLcDTjv5gatcJ/URt9fNMi+jRcmChqoehBK8uYTWwNPX7gZ/iwme
+cp6eZFzVetEekuRpfbqA/CRQ81/pDI7r/e0Wviq9aLJ4kuYNEnMBfG96pXtStriN
+4Wb8WY8X9ujIBDNmiMRCDQ6QVguO35Kiw6FTzmEWkttVPJ9l6YxVgS96dPP3cbSe
+uEyVLU8Jpx3CUBSLS9pru3XoFFWD23VUZagwLm0e6pKGgLCc/x8cv+G6uNCxCowW
+/9VZyxAhAoGBAOfwDEJfMjSeoaF8ukQJVxoGht7kbOjTVOvidyuJ+kuuSuk5u6kQ
+FsH7F3vYjUG9n8IPxXn36m8t2U/WFf4Sqb00TcXz8rl9XGSwN/bYgA7YVYVl/NJj
+ViYCx0yTPUQYbvyHx5Fgj09RZ4D1vOpQnSiDc8VMJD0ooDDJdc82Yun7AoGBAMXI
+IyjhbtSW/yErw/fBLeuGSmPWMNShuq5WeS1EyYDwTlzg2FTDep0/fzrqB17jK6Kf
+hxQfL1p3zCa25h0vgfh5qZ/Ydo3CEX8dmzE9XNOh2bzZeyO57JgtL/ovoNu6vbQk
+3FcYCIE148eTED6Q34GU0Gjvj/TWXBJnBFT83T8HAoGAdOtIcsjkWSxCVFK43wVK
+WD9EC+ZglHm8DHEMG/GhMDd7YdiNpisLHdxCuVav1p0NhNlIdjSohEU7kAhe68Zi
+tJNCRXC1QhZU1hkTDSeUXmdlrSp9aV1UFzM9Xne24bXjdP/JdZqUg6qIn7TA9+mN
+X9fsK2A3wHDTV+Sms78527MCgYEAuDqCtbO3PwMfx1AzDHa/RWIjrPd5KLc1Yutd
+mJM4d4hgFhfCqsIjVpIs+z2/e91zadnbQx0BSO3KFk3L72evUzpQjHpfhBA/p/51
+7tnPu7pJTaXvFAo9nkqJJCx1U/eQeVrUe7QBSApgkCgmu4DLELMDpptvpop93Q5k
+dJ3NoMUCgYEAr1menJ2CogbPAy57h+0LST/w9tBQaYeu5krf3HTWrhzUaXVobkil
+3aVpO9Ia8Oo5SkeTSODJoa4U/oeuThJzrBJgGRxo8mXeELmpFCKjHOyj4h+8dgcK
+8KAamUqmT9WVDP+8RqTKbt/jA7HulC4ew76PMPty49Ln9t/o8BXBGVY=
 -----END RSA PRIVATE KEY-----
diff --git a/integration/fixtures/server.crt b/integration/fixtures/server.crt
index 5c4061b58e6..a15e5de894a 100644
--- a/integration/fixtures/server.crt
+++ b/integration/fixtures/server.crt
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEEjCCAvqgAwIBAgIUGdF+EXdv6uZK+whLwNjB8qFyFXQwDQYJKoZIhvcNAQEL
+MIIEEjCCAvqgAwIBAgIURbT0TUoUtitOg0ell5xYd3mAiDUwDQYJKoZIhvcNAQEL
 BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
 Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
+Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEwMDUyMTU5MDBaFw0yNzEwMDMyMTU5
 MDBaMHgxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
 ZWN1cml0eTEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC9AxnRD8ekAuOX8tjBXyhWewcLTI/G1+n7DgkTE90bKypo
-MBCR5sQljt2TmQbjvFIXxZMxoHnFpg9cDOmi6Y7O7XoUSCLf4Aa/KJvomZbYvFLg
-IPy8bjzh2e/M8+fgvOxyPysqsdLxbUh0jBVcYyiRfMyvzO2hN/BN42DDfnRcarnn
-g3tlae8QbZPuGKGl4zelDHBaClVeXolMqbt5vZRin0ih/hc6Hpy6oHJYPKBSeqUE
-Jugub/WN3UcKvv1mE++fzkFhEHS4t94HWB4rJyODg9glIgYMFMXarRhXMP4ZYm9h
-beWr1NlA02p8GsffMYMDLhpmncyqlz430DVuQZRFAgMBAAGjgZwwgZkwDgYDVR0P
+A4IBDwAwggEKAoIBAQC+k2hb+zgEk2WxfXtypI03y3HUo1muX7FZdHX1yKfm/TCl
+5OCR1Id8tZv3Rn3+hZEVvjNlOi/Ct5ic0SVa4OpeQTo7u5ku5/RiXE7c55I+wpmw
+o1/IUlgeq3nyDKX4RlBJfymSUD+lWHsmhXkpKdU5wcERwL5FnrkdbTQwo+4nBMcc
+UhLgWC9awpT7sAXW7OmTlg/szTIOzyJp2YRBoXp6mGsHF0rujVElQyCOBnAi/+zP
+hGGycCOoa1eVjZebpFgcisyIwZRO6KugfYIZrQ47Swcqsy4lfkbzXxZ6UMh+FtUz
+iXYSG2c8rzdpnHlFQcpfkNrbAu5Q2ObmQh21E18BAgMBAAGjgZwwgZkwDgYDVR0P
 AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
-Af8EAjAAMB0GA1UdDgQWBBSjkU3B1yxW/jZluxM6SE77OUoF7zAfBgNVHSMEGDAW
-gBQX1uJJuwcyp2vAJIzR8oyOhdnDCTAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
-AAEwDQYJKoZIhvcNAQELBQADggEBABlIZ03P+Xg1lGBVI9HKS7HONPYuT4mz0fQU
-yFWtDnHcq63GflNh/G9X1tyUNAO/Z9CgRcgje978yrP0s8bw2HumbWTOthcEaTgy
-ULxK53NP8SM6irp2tCbsb6bpK2wy56dmkzfLfnHJTaRFrVVZp25hZfZVub6L0mu2
-Yzejd9euweSrsSH6tFglLuFrv5zBplNuUqNMI9gngCpAzp/E/ABGeu9yje4oJ2go
-Bd15lkkFJxzJFQW3l3di3aO2VT914PC24TPMAaPStmNUNil0lWvzlzQv5AT9qcAI
-uUs+fojBVZfJZV2aUMqpMklNQcZM/BCu5Peh0DIQBr2f58mBMuY=
+Af8EAjAAMB0GA1UdDgQWBBTATssOHl8+T6AfYWGXqKHyCtUqMTAfBgNVHSMEGDAW
+gBSt4lqZZ20BpzYG8GSym10IntbrEzAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A
+AAEwDQYJKoZIhvcNAQELBQADggEBAAzU+ZRqgGaVTGCl21QnfUY4Hj9aqt6uMhVv
+b+BG24gNUJgwkCIZODOsig7RWXjPAMkgeGmgyw1QbvV2AZo1NFJT111YhxjdqWLg
+ganDb7K2Jm5vm8mVvBVTe2y7ZBdmxJwfo9UYZkEXNQtlbvYcvYnzr0nr5QEc9v8X
+bkrbxG1DVB9wU+7hy6s4v9946xQavGUqOOC70wHUMj8gKGnGkd1mOTYaabx3VzPU
+uD82AsCQnxOIzk0qze3jCVVoTdzKt9iWpgLdFHY2pa0fdirTN1s80sLpXhUOihSP
++gu2NGP3+C0I6SW6Wu35vpYI+uMWrggu6OCxomAC872d6CVdtcs=
 -----END CERTIFICATE-----
diff --git a/integration/fixtures/server.key.insecure b/integration/fixtures/server.key.insecure
index 978c1df0547..8b5163f7e5d 100644
--- a/integration/fixtures/server.key.insecure
+++ b/integration/fixtures/server.key.insecure
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpgIBAAKCAQEAvQMZ0Q/HpALjl/LYwV8oVnsHC0yPxtfp+w4JExPdGysqaDAQ
-kebEJY7dk5kG47xSF8WTMaB5xaYPXAzpoumOzu16FEgi3+AGvyib6JmW2LxS4CD8
-vG484dnvzPPn4Lzscj8rKrHS8W1IdIwVXGMokXzMr8ztoTfwTeNgw350XGq554N7
-ZWnvEG2T7hihpeM3pQxwWgpVXl6JTKm7eb2UYp9Iof4XOh6cuqByWDygUnqlBCbo
-Lm/1jd1HCr79ZhPvn85BYRB0uLfeB1geKycjg4PYJSIGDBTF2q0YVzD+GWJvYW3l
-q9TZQNNqfBrH3zGDAy4aZp3Mqpc+N9A1bkGURQIDAQABAoIBAQCLwh41yrA44vX8
-5dFGcqE2CPQ1c6AgTIizXTZyh86HB0ztCxVFfNfuWYwXViCVBivBbhMfr+Q6tEZJ
-LzcWghJZiZkqJAi9dz4l3NYjkGXMzruNBHc8sVqNOYOqDXOYZrmC5Jh7kk9CuybH
-HsmwrZVStm/3UdUnz1/9h7KF+xv5NJ+sA0qEHvVO2AGOKVnxwJ9Jo7AvQB1XSzdr
-AVR2yQto21rfbn6SEbwO1sHmt8R2Y+YLk2NFqp+k45RVW3ewNsa/nu5nyE6dd/68
-nH4vLmDU5E2gQvkNWnjcN0xDLnoHxB9wJErBi2QTal62yjXNctEkJUdxDvqbXwiV
-LNQrR5jFAoGBAOYxnvi4WukqNTvLNQWPnaWnp2HZuMV0tSuwCjxVVSxxWxYYNq/p
-O0manQ50nfmfPLsCgFdnYNTOSatWQD/5RtKt63akdoSVUbpgeyx6cskev2zh7+X7
-syyxOlStufXykBBCtxtrJBfUrEL0jlCIUPEL3zsATRITZT2R5w5uTPyPAoGBANIz
-mPE3fgy7JHEaHAukyIaaneU4vXn14hFSTOhsQF8vHm08mFQRVCzxb4UvKRTFp+VJ
-UKbiyKtbLkcALtu1McmzkPNOE2Sm5/wJvYXisrchzTOa4ywBt/n7UrzClLLy+FlB
-MOyMsucCv3JezCW7cr4aq0bNwYYoJFCjrzwphvPrAoGBAIdzHUrXF89pYaeMe+eI
-yUenbit6tGmjsdNCI9O6loKvNNy8ZLl/8L3vt4jBAA/ZLiAQabqEfwrZU6n495dt
-M8pWQl4uifqb7lpP2UqjxpUnfZYxIDtgrt6Wbm9TRkA9eZ3H0/zTP4qyPqarRm6G
-t7IOvUz3cWI4fXMMPjxUlQJrAoGBAKjR7eTVl7Pr3ZHE0X98gdyxc1y03GCGXWFi
-AwisYGrR8hLzlrf2Du/lnJaP0OOw925MGq1d+KK/IYS+neOxO+JuCF2QeDzfW/Pt
-cryD3Nr+F8t5ezhNzQ/FjKazdC/guhsdI4joW4rzhwT5I+auDLKnwqWj/OiddsUZ
-IVUlWRCvAoGBAOSJ3ur9qZ9I/SdR62GZTw1CGoZVmpTheabyxQQuyUFNTI/4vQh5
-P5+bDzARuyHZV86CQmWp53kt2wor0w+ib1yA2lDAzTjfVpnJxe9rsKjrXVfreeqx
-VO9Xy5EoGJu3kg6wsmWc0JHAJ29HuCNnllofjQmiRcYqPjUxtQAfnAqI
+MIIEpQIBAAKCAQEAvpNoW/s4BJNlsX17cqSNN8tx1KNZrl+xWXR19cin5v0wpeTg
+kdSHfLWb90Z9/oWRFb4zZTovwreYnNElWuDqXkE6O7uZLuf0YlxO3OeSPsKZsKNf
+yFJYHqt58gyl+EZQSX8pklA/pVh7JoV5KSnVOcHBEcC+RZ65HW00MKPuJwTHHFIS
+4FgvWsKU+7AF1uzpk5YP7M0yDs8iadmEQaF6ephrBxdK7o1RJUMgjgZwIv/sz4Rh
+snAjqGtXlY2Xm6RYHIrMiMGUTuiroH2CGa0OO0sHKrMuJX5G818WelDIfhbVM4l2
+EhtnPK83aZx5RUHKX5Da2wLuUNjm5kIdtRNfAQIDAQABAoIBAQCDTcjfZw1Hic7N
+JWnCqUFrKc759Lo7fE8TFTyY5XFZoyS7iCB6GXZoJDCbhIQWsywtUOjUW+zAOgL6
+ONeF7+VKn6JhuXVnbgVhJ7xmU17dwvJlU4sQ2DtCll7kuHY5wyhaGzUnTAcuAvKG
+rfu2ss3oh2hgtO3jxeJBNhZ5VNknI+EycvW1JsMXG7qwySqLwtuUhptHmxyMTcXt
+LZi2zwmBKX7s44fCQrLq2CAo+GMJ7OFoUtZezu57ySki32VnL6uwM8ErKnvxUbHu
+H64erRRJ7Pw/qDQyYyo9pX/pKmcjGYIpt/ywYqbvszBY6ad3cdjtBHcS+9CeLeaN
+LrxAqNcpAoGBANr3dX2TMiCRiT6sTR+6ainzj/FHFA6xSU4ipe6uc/65zxh2xGaN
++FrkDMmlvEEQLboEFdkiQikZK3xNHB/GEqAEmMsDgzYsg36JjsxLYLR9XQR3TDnu
+leNtjk/P05jiJchrL9m5xW1WM4QxwD7rf7TSRia/BrVyvQvhI3p8BKGbAoGBAN7O
+t/UajS8xjJmx1+u92FPXHnFi+tLuEfdd6ooKdw9rXUARVgeBsGgrLLrMKoCzdfWr
+txw7j5DjOlcx8ZXpyrcVyGJWuMboV3uf1IEiYZsMd7Le6yfnz4qgUPFmFy3JUQb1
+cbzc9dBuhCLQ2H7JU4EhlhtxyyY585kZtDaThmmTAoGBAIw9bVxuB+7gB1zCkeq+
+Q/x2aDyJ34jBd0e53TiPNu9wJflvJ77fMq9T2/TSV038hKzcrPmSfXlBC57i7B5V
+h9xA1XNA3qq1u8oxY+noZRl0KT0RAxsfeZRduIXZf5YtUTGZpN33o0CxsvD5xD0I
+K5SuEAwE0NEpmXagTU7HW1f9AoGAb+z0aEJQTjbb5JF8YEZcF7Hm7xrD2ZYSnGsn
+WPTs3mgWzgpnZxn1Hj8iFyxc5Y5BYYpDUAFzm1sqgYbrT13Eobhlk1DxPaqV19pw
+i/ZThen7b3WgN8mxbngecUXRuwR4mcBOxItTSMNbyYmUWAyW0DWpDFxbqvZNsslA
+yHHPgdUCgYEAuIRHMNanm5eZz7iXUMShAIUgaqcEIFOQ4W43zPQ1/F2beJBx+VoN
+u1Bvs7K9GBRDvJHcsjRxhYnwBwGu06M1NRG3QBW5VNuezpKzvchCgWR96ulzNOIe
+5C+j3zQmut4sOx2IY0zsJCfXnLJSoYwwtM1eVzY06uHwx+F4SMv1z8w=
 -----END RSA PRIVATE KEY-----
diff --git a/integration/fixtures/server2.crt b/integration/fixtures/server2.crt
index 98a18298d71..52330da5da1 100644
--- a/integration/fixtures/server2.crt
+++ b/integration/fixtures/server2.crt
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEEzCCAvugAwIBAgIURpz1nfYWl/lT2yZitiL/LVW6SZMwDQYJKoZIhvcNAQEL
+MIIEEzCCAvugAwIBAgIUev7+NZl9RzdnsOGshKbMEHIxtD8wDQYJKoZIhvcNAQEL
 BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
 Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzA5MjkwNjU0MDBaFw0yNzA5MjcwNjU0
+Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEwMDUyMTU5MDBaFw0yNzEwMDMyMTU5
 MDBaMHkxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
 ZWN1cml0eTEVMBMGA1UEAxMMZXhhbXBsZTIuY29tMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAywxQ++cAL++7cHSACpohKAPMEUcYD/SyZnCAYkpIOJg4
-/4z2vsIhH8UMlrpP2j0OakDZorByljYNBV4JKJGWSJQlyONfWe3B1ElssoRkGdyX
-Qluiz+C9P/kGKOZztyz86O9jrjTUXqjkQJLR/JltCWlEvxB6CTSJ0vL99cUwuxJ3
-HstwZ1kBCrmWAvLa4bjjWaicsZYhsBBmhJp72t7O4d/8hNtBg/vX0ny4f2yj6URQ
-oTeR9tvTJ6w6lXDtLgEAdtlTubcvNfvzOuI/ZVR64Jb4YEdUUpFVE+oC2yj/irXS
-P8zSI7+XZIAEOnn8Gw5ddgjdblvH+cwhuCqUDEVuewIDAQABo4GcMIGZMA4GA1Ud
+AAOCAQ8AMIIBCgKCAQEA3VZyO4MoZjGpPU9hbb6SDV3ESNjUiS+pojigIVJi7C4b
+W1eJvPDpodetKQg22Htq+Vj8mpCmnqn7/8pegbxV9Fc3Fyy0kxiEfHnaOpzo8GWh
+pReubHJ2+kj2I6gY7HnKPJ3KP3Z9txKECNm9CtHuoOxjRvHR8SThcVYZqxz6cjkg
+ZB/AUlhhmxbnCIc+jr5sJWp9H0IDufLLGSeUQlFa700JJmF6qzpwDAcqv1ZiWJZz
+LdCJbeR1yGimluVsiA/XOobz/m63QA/PfCUwVidnbRFy2JP40R19GU9+5Nbqe1Cy
+JDWqcqcEkv/jG7UtsdDXSpm2FUnoyxBIv/U/n/MHPwIDAQABo4GcMIGZMA4GA1Ud
 DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
-AQH/BAIwADAdBgNVHQ4EFgQUbyM/QRgv8B8hkDVC91WA2sa/Q0AwHwYDVR0jBBgw
-FoAUF9biSbsHMqdrwCSM0fKMjoXZwwkwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/
-AAABMA0GCSqGSIb3DQEBCwUAA4IBAQBbMStTQJv8LiRlG4SE+RcZk+KvaNZAORoP
-rNHYnIUncUiNavwd1uDywgf5sDHIM7AkTmPAwUG1V5SbnfDAZZMTZWLv26nUam0L
-Yw3Wk4BqbMgPEh4AJgCuiOoJPEPjofmc+nVXdOEtKGAAWYiJWxL0WOnI+FESTVW4
-nQKB3/0+tRNebkdVWuxaiYZ2kuCffwE4zk2d9iWR2/pJmB2WB4xtOs8Dq3MzRqNN
-PHvxoiI6GTgEC/0Mb21XYF1sZ4CXlQF5wHMRGimTZvn3XuzziuepmOwcG5VZnYcD
-O/b2fZINj01SEet/y1P26OhR9CxLX6K1s0hQ6aYOzMK3Jd2ABL+7
+AQH/BAIwADAdBgNVHQ4EFgQUno0oT7FhR8s5LUqCHHpR2oLyWM4wHwYDVR0jBBgw
+FoAUreJamWdtAac2BvBksptdCJ7W6xMwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/
+AAABMA0GCSqGSIb3DQEBCwUAA4IBAQASJMwhcXXFwFElnaFE/z6fCiu1+fnVdDyJ
+ARjawqNjZS/wI1uC9LOkfDOMfDm7vF6/HVA0VijCR+3p4+bXY3SyXigMkZGlwkHO
+R12Tnph2+RVsUaCcSmKNNcJxKjYXlU1bH3vyZ8/EmtGzsYnUlGtHfsHSHBdL/eHN
+g958qOHHYLtUWQsCf0az51mXO0yeaD+9pzTcnUX6tk2Er3OVKF51AdrdQVjQ9uub
+ST8onCbuICF6nRzXiF+sxv8h78ilIkdr3iCJw3TnIOLgXs8uh9PK3Du7Qh/2UD/5
+EucAVCeNgJQQ7Bvtcw+VIPLWwXnq71qu8p9Datir5dghK9FGmYeu
 -----END CERTIFICATE-----
diff --git a/integration/fixtures/server2.key.insecure b/integration/fixtures/server2.key.insecure
index 047e40dafc6..b2592089017 100644
--- a/integration/fixtures/server2.key.insecure
+++ b/integration/fixtures/server2.key.insecure
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAywxQ++cAL++7cHSACpohKAPMEUcYD/SyZnCAYkpIOJg4/4z2
-vsIhH8UMlrpP2j0OakDZorByljYNBV4JKJGWSJQlyONfWe3B1ElssoRkGdyXQlui
-z+C9P/kGKOZztyz86O9jrjTUXqjkQJLR/JltCWlEvxB6CTSJ0vL99cUwuxJ3Hstw
-Z1kBCrmWAvLa4bjjWaicsZYhsBBmhJp72t7O4d/8hNtBg/vX0ny4f2yj6URQoTeR
-9tvTJ6w6lXDtLgEAdtlTubcvNfvzOuI/ZVR64Jb4YEdUUpFVE+oC2yj/irXSP8zS
-I7+XZIAEOnn8Gw5ddgjdblvH+cwhuCqUDEVuewIDAQABAoIBACPRi2O0j1LlfnJL
-Ct9T6y9s5A3UNclyyBnMFMnCAtWA/OUPz+M8ya0aDKt2OGnuRWG3CO1rJPuck1V0
-DjeK3zD0eWnjuklZ6MxzG2quch4hzMkW8zSql5f2bQDADn+svvy0ZigwB5qfPoyp
-mcNuqU50tHzkAjMngnylAundHEiTm8bGlWbGUNaNud0hC01fsIYhQFPD7naJUb5V
-eoduuBnLRLyY6VOkJT4En9z76MnK988wZeNjH861n0iqD/KDkoR2c+QSyJY01TYC
-SPHMOe24+GNNqsyfVSxazQX7lPf2frXWFqPdnH3w1FHnhtT51H/tr90gCLbgX9Vu
-N27SvSkCgYEA2Kbk4xBU0xoHDCJ9ADbEmA6VuG8jZWRSq3pKeP734f6t3v7sje9v
-jbR3+X609zoCvg/N8OnrVMqvTxD4pGCGhLyKqCqRAuM/QzgeJ5fOkXnlTXHJAP1X
-wMTEGZqDPMKW55wEgnvE1k5H2eZTGT3dgKHLSJibKgGGm2MS+rZ74XcCgYEA7+zr
-qc7ziUM2ow6b+b91kdLzZMHmYrF5CRp+lPDpILxqGrEZBOxFDoaVKwbsNCoipaFI
-6+wUDTbNny7KEZBwj/dQJVvC7xMhw1LIA23WbmVHcXxMdM6tud8PB1P8yRpI4rSB
-VLpgB8Gf23AIqpB4r3C+/fne3le62NIoNaUDPB0CgYBelC0juwNszNX6xCuRplcY
-knVl+I6ZOrykQ1SzkYshS48X5G3cYIRwdjJR5rCVpOuBkWC0JUooz/rMJ3qEN+dB
-lxVo6Hw5qH77l0oCutDgzTf/IQdAuVhPvRZmnv9fzQsXvRJy7Bk3/SB8zYHFaS6D
-cx5NaOGD6vqaZxvn+zYFbQKBgHL/J+V4IBqGcMWu1uvZ7Mw8RBTjKz3aupy2aj2R
-Suw54tFwWQGXDXJs50p8QvKtz3V73KvXt7Sts9i8YHYSuSEH9Q4y8TgN/3zTTLL4
-DnNTb+7hGPRTq8kPNPDaPKtXQeAHjIXD3wtYrvpKtJysKmxMqf6pqT0A57nM4SD1
-OpuxAoGAOh4CXj5Jn6dvMusHChV+yEMybA5Nfk/2ctwYTDEuMlnKXV8+PghimlwB
-Mrqjd99KtGFjeerkTzD+wqt2tPsnRvPrPYBwd3eM8k18dtonvk1nvxcReTRb6QSu
-yGGJAuVfMNE2gL8D0qFcgf+Ss3AyWMglS8fxZnSUSMsXvdawCmo=
+MIIEpAIBAAKCAQEA3VZyO4MoZjGpPU9hbb6SDV3ESNjUiS+pojigIVJi7C4bW1eJ
+vPDpodetKQg22Htq+Vj8mpCmnqn7/8pegbxV9Fc3Fyy0kxiEfHnaOpzo8GWhpReu
+bHJ2+kj2I6gY7HnKPJ3KP3Z9txKECNm9CtHuoOxjRvHR8SThcVYZqxz6cjkgZB/A
+UlhhmxbnCIc+jr5sJWp9H0IDufLLGSeUQlFa700JJmF6qzpwDAcqv1ZiWJZzLdCJ
+beR1yGimluVsiA/XOobz/m63QA/PfCUwVidnbRFy2JP40R19GU9+5Nbqe1CyJDWq
+cqcEkv/jG7UtsdDXSpm2FUnoyxBIv/U/n/MHPwIDAQABAoIBAD67tK7XcsjcRHqD
+GDsxq1WsgOigxESJxMucvw4SusT0IH7YJcrugVmEtqiNknXzLRO1PAtW+lK4HRuX
+sQeWaMpTOeMQobGbXlmlc8vvEzqno5QWTTKhksVHjrP2ffHwZvidRGiOXf1YeyHD
+DQiXDcqAlXbTLUzqxhcIb0gHc5iRv0FlM+91mbhZ/el/gJ7UBhzsr0Rx0ohlTmuE
+7KRXeYu/A5mlIa2Kq0hrUzNcT55qucOPsQVe5Ak6aFlC5Vuee+o4/uyyvcgXmtUX
+ugNWIPIni6cYTBGktMZZAwNzyvVyDxpij6c4xFVL4v7NySmH78hJJfnMwEQAr1g5
+jV3ZAQECgYEA37WdidaZTD2Heq72Yn6jhGSDQhps/Mr1fRvtNwltY46L6jGThsn4
+DAJPIpBUqV0LmKi07d2Chsgu2cFD9TBSQchMA7Orx477u5ssA6wy37N+AGRDk7h4
+Nw/GvYA0LweDxuKO5C6musxV0MlLinMCMsvupfUL8MO4S3wB2UTyuIECgYEA/Ukw
+7BfOVm5IICD8NKmgl1YjHEwOXEEze+1HCpT3WGZiLBTWZYRICzZEgMQwf7VfqI5u
+lLMgy19z+snC1mrbuzoDy4Me2vrOfllBLwwbv/AJF7R/UftD+x4kJGHv5Ex+em5g
+6cVd3C5USeGcO1MwefXpJar5n4m/1OY4l0aj378CgYEA3IVwHT8g8Gm60jIEiIUj
+dU+LoC7ifrMnGUPdK6KsZTZQL/Tc40LWtCfWkFDMVAN3ee3cJJp1n51Xqan87obK
+nzPt0rxbOiV1erL0yU4G/EM4kvRDNSvjvQtdMtJdHnr+6J/OkZp3Gq5wbZbwUzMZ
+2K70uj17nsOgOTCttdpklYECgYB0ajGMMhzqaOHJsp947QYcyMB2fxaSnH03VoWy
+fWl6PgSdUi6All4umRC/Rm0sJYcECAMXYYWPNB4whI+C0baQxUd9QJTr/R7vv8JQ
+B3axr3feZ12lpqFGSEJAXqtN+UKgrx7oE4jibIDdPE78jW3YgIhagc0d4MhE6FPW
+Y+dqLQKBgQCUQEMiTwGadmDy0VmzAYVmKQV0qqb+hHswPt2Nyr5tNs7ZGJXaiW1+
+t2AtWeFFvpvdCaN9q7G5sZedIeB/zAByNTGF8ztBB3dSyv7IiMhthAWaC1UZefD6
+zw7N2UCuvjwvh+T1fi8BpMvK4YizmSyw04tEvoZMnhK1fQ2r/PWsjw==
 -----END RSA PRIVATE KEY-----

From e7e24dab64cdb14bd92216f0992a74785954a0b1 Mon Sep 17 00:00:00 2001
From: Gyu-Ho Lee <gyuhox@gmail.com>
Date: Thu, 5 Oct 2017 14:34:07 -0700
Subject: [PATCH 2/4] e2e/docker-dns: enable client-cert-auth in /run.sh

Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
---
 e2e/docker-dns/Procfile.tls |  6 +++---
 e2e/docker-dns/run.sh       | 12 ++++++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/e2e/docker-dns/Procfile.tls b/e2e/docker-dns/Procfile.tls
index 45e42012406..c4842ae5670 100644
--- a/e2e/docker-dns/Procfile.tls
+++ b/e2e/docker-dns/Procfile.tls
@@ -1,6 +1,6 @@
 # Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:12380 --initial-advertise-peer-urls=https://m1.etcd.local:12380 --initial-cluster-token etcd-cluster-1 --initial-cluster=m1=https://m1.etcd.local:12380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --enable-pprof --peer-cert-file=/certs/server-wildcard.crt  --peer-key-file=/certs/server-wildcard.key.insecure --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --trusted-ca-file=/certs/ca.crt
+etcd1: ./etcd --name m1 --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
 
-etcd2: ./etcd --name m2 --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token etcd-cluster-1 --initial-cluster=m1=https://m1.etcd.local:12380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --enable-pprof --peer-cert-file=/certs/server-wildcard.crt -peer-key-file=/certs/server-wildcard.key.insecure  --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --trusted-ca-file=/certs/ca.crt
+etcd2: ./etcd --name m2 --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
 
-etcd3: ./etcd --name m3 --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token etcd-cluster-1 --initial-cluster=m1=https://m1.etcd.local:12380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --enable-pprof --peer-cert-file=/certs/server-wildcard.crt  --peer-key-file=/certs/server-wildcard.key.insecure --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --trusted-ca-file=/certs/ca.crt
+etcd3: ./etcd --name m3 --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
\ No newline at end of file
diff --git a/e2e/docker-dns/run.sh b/e2e/docker-dns/run.sh
index e020bcbecab..5e877c7b9c7 100755
--- a/e2e/docker-dns/run.sh
+++ b/e2e/docker-dns/run.sh
@@ -1,8 +1,16 @@
 #!/bin/sh
 
 /etc/init.d/bind9 start
+
 # get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
 cat /dev/null >/etc/hosts
+
 goreman -f /Procfile.tls start &
-sleep 5s
-ETCDCTL_API=3 ./etcdctl --cacert=/certs/ca.crt --endpoints=https://m1.etcd.local:2379 put abc def
+sleep 7s
+
+ETCDCTL_API=3 ./etcdctl \
+  --cacert=/certs/ca.crt \
+  --cert=/certs/server-wildcard.crt \
+  --key=/certs//server-wildcard.key.insecure \
+  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
+  put abc def

From d57159f79ab86aeb8682efc5b34a509c0602c4d4 Mon Sep 17 00:00:00 2001
From: Gyu-Ho Lee <gyuhox@gmail.com>
Date: Thu, 5 Oct 2017 14:58:25 -0700
Subject: [PATCH 3/4] e2e/docker-dns-srv: use 'etcd.local' as SRV, clean up

Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
---
 Makefile                      |  3 ++-
 e2e/docker-dns-srv/Dockerfile |  2 +-
 e2e/docker-dns-srv/Procfile   |  6 +++---
 e2e/docker-dns-srv/etcd.zone  | 28 +++++++++++-----------------
 e2e/docker-dns-srv/named.conf |  7 ++++++-
 e2e/docker-dns-srv/rdns.zone  | 13 +++++++++++++
 e2e/docker-dns-srv/run.sh     | 10 +++++++---
 7 files changed, 43 insertions(+), 26 deletions(-)
 create mode 100644 e2e/docker-dns-srv/rdns.zone

diff --git a/Makefile b/Makefile
index be7c3010a25..37107daab54 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,7 @@ docker-dns-srv-test-build:
 	  --rm \
 	  --dns 127.0.0.1 \
 	  gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION) \
-	  /bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client._tcp.etcd-srv.local && dig +noall +answer SRV _etcd-client-ssl._tcp.etcd-srv.local && dig +noall +answer SRV _etcd-server._tcp.etcd-srv.local && dig +noall +answer SRV _etcd-server-ssl._tcp.etcd-srv.local && dig +noall +answer m1.etcd-srv.local m2.etcd-srv.local m3.etcd-srv.local"
+	  /bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client._tcp.etcd.local && dig +noall +answer SRV _etcd-server._tcp.etcd.local && dig +noall +answer m1.etcd.local m2.etcd.local m3.etcd.local"
 
 docker-dns-srv-test-push:
 	gcloud docker -- push gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION)
@@ -158,6 +158,7 @@ docker-dns-srv-test-run:
 	  --tty \
 	  --dns 127.0.0.1 \
 	  --volume=`pwd`/bin:/etcd \
+	  --volume=`pwd`/integration/fixtures:/certs \
 	  gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION) \
 	  /bin/bash -c "cd /etcd && /run.sh && rm -rf m*.etcd"
 
diff --git a/e2e/docker-dns-srv/Dockerfile b/e2e/docker-dns-srv/Dockerfile
index 33c680a557a..03cf8881c01 100644
--- a/e2e/docker-dns-srv/Dockerfile
+++ b/e2e/docker-dns-srv/Dockerfile
@@ -11,7 +11,7 @@ RUN chown bind /var/bind
 ADD Procfile /Procfile
 ADD run.sh /run.sh
 
-ADD etcd.zone named.conf /etc/bind/
+ADD named.conf etcd.zone rdns.zone /etc/bind/
 ADD resolv.conf /etc/resolv.conf
 
 RUN go get github.com/mattn/goreman
diff --git a/e2e/docker-dns-srv/Procfile b/e2e/docker-dns-srv/Procfile
index c46ae7415ee..2fef5254219 100644
--- a/e2e/docker-dns-srv/Procfile
+++ b/e2e/docker-dns-srv/Procfile
@@ -1,5 +1,5 @@
-etcd1: ./etcd --name m1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd-srv.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd-srv.local:2380 --initial-cluster-token tkn --discovery-srv=etcd-srv.local --initial-cluster-state new
+etcd1: ./etcd --name m1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
 
-etcd2: ./etcd --name m2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd-srv.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd-srv.local:22380 --initial-cluster-token tkn --discovery-srv=etcd-srv.local --initial-cluster-state new
+etcd2: ./etcd --name m2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
 
-etcd3: ./etcd --name m3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd-srv.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd-srv.local:32380 --initial-cluster-token tkn --discovery-srv=etcd-srv.local --initial-cluster-state new
+etcd3: ./etcd --name m3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
diff --git a/e2e/docker-dns-srv/etcd.zone b/e2e/docker-dns-srv/etcd.zone
index dbf7cd0ffc3..5e2fe283dfb 100644
--- a/e2e/docker-dns-srv/etcd.zone
+++ b/e2e/docker-dns-srv/etcd.zone
@@ -1,22 +1,16 @@
-etcd-srv.local.	IN	SOA	bindhostname. admin.etcd-srv.local. (
+etcd.local.	IN	SOA	bindhostname. admin.etcd.local. (
 1452607488
 10800
 3600
 604800
 38400 )
-etcd-srv.local.	IN	NS	bindhostname.
-m1.etcd-srv.local.	300	IN	A	127.0.0.1
-m2.etcd-srv.local.	300	IN	A	127.0.0.1
-m3.etcd-srv.local.	300	IN	A	127.0.0.1
-_etcd-client._tcp	300	IN	SRV	0 0 2379 m1.etcd-srv.local.
-_etcd-client._tcp	300	IN	SRV	0 0 22379 m2.etcd-srv.local.
-_etcd-client._tcp	300	IN	SRV	0 0 32379 m3.etcd-srv.local.
-_etcd-client-ssl._tcp	300	IN	SRV	0 0 2379 m1.etcd-srv.local.
-_etcd-client-ssl._tcp	300	IN	SRV	0 0 22379 m2.etcd-srv.local.
-_etcd-client-ssl._tcp	300	IN	SRV	0 0 32379 m3.etcd-srv.local.
-_etcd-server._tcp	300	IN	SRV	0 0 2380 m1.etcd-srv.local.
-_etcd-server._tcp	300	IN	SRV	0 0 22380 m2.etcd-srv.local.
-_etcd-server._tcp	300	IN	SRV	0 0 32380 m3.etcd-srv.local.
-_etcd-server-ssl._tcp	300	IN	SRV	0 0 2380 m1.etcd-srv.local.
-_etcd-server-ssl._tcp	300	IN	SRV	0 0 22380 m2.etcd-srv.local.
-_etcd-server-ssl._tcp	300	IN	SRV	0 0 32380 m3.etcd-srv.local.
+etcd.local.	IN	NS	bindhostname.
+m1.etcd.local.	300	IN	A	127.0.0.1
+m2.etcd.local.	300	IN	A	127.0.0.1
+m3.etcd.local.	300	IN	A	127.0.0.1
+_etcd-client._tcp	300	IN	SRV	0 0 2379 m1.etcd.local.
+_etcd-client._tcp	300	IN	SRV	0 0 22379 m2.etcd.local.
+_etcd-client._tcp	300	IN	SRV	0 0 32379 m3.etcd.local.
+_etcd-server._tcp	300	IN	SRV	0 0 2380 m1.etcd.local.
+_etcd-server._tcp	300	IN	SRV	0 0 22380 m2.etcd.local.
+_etcd-server._tcp	300	IN	SRV	0 0 32380 m3.etcd.local.
\ No newline at end of file
diff --git a/e2e/docker-dns-srv/named.conf b/e2e/docker-dns-srv/named.conf
index 82397524950..83549305c34 100644
--- a/e2e/docker-dns-srv/named.conf
+++ b/e2e/docker-dns-srv/named.conf
@@ -12,7 +12,12 @@ options {
         recursion no;
 };
 
-zone "etcd-srv.local" IN {
+zone "etcd.local" IN {
       type master;
       file "/etc/bind/etcd.zone";
 };
+
+zone "0.0.127.in-addr.arpa" {
+      type master;
+      file "/etc/bind/rdns.zone";
+};
diff --git a/e2e/docker-dns-srv/rdns.zone b/e2e/docker-dns-srv/rdns.zone
new file mode 100644
index 00000000000..fb71b30b1fa
--- /dev/null
+++ b/e2e/docker-dns-srv/rdns.zone
@@ -0,0 +1,13 @@
+$TTL    86400
+@   IN  SOA  etcdns.local. root.etcdns.local. (
+             100500     ; Serial
+             604800     ; Refresh
+              86400     ; Retry
+            2419200     ; Expire
+              86400 )   ; Negative Cache TTL
+    IN  NS  ns.etcdns.local.
+    IN  A   127.0.0.1
+
+1 IN PTR m1.etcd.local.
+1 IN PTR m2.etcd.local.
+1 IN PTR m3.etcd.local.
diff --git a/e2e/docker-dns-srv/run.sh b/e2e/docker-dns-srv/run.sh
index 251e09e60ad..528cf5f86b2 100755
--- a/e2e/docker-dns-srv/run.sh
+++ b/e2e/docker-dns-srv/run.sh
@@ -1,9 +1,13 @@
 #!/bin/sh
 
 /etc/init.d/bind9 start
+
 # get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
 cat /dev/null >/etc/hosts
+
 goreman -f /Procfile start &
-sleep 5s
-./etcdctl --discovery-srv etcd-srv.local set foo bar
-ETCDCTL_API=3 ./etcdctl --discovery-srv etcd-srv.local put foo bar
+sleep 7s
+
+ETCDCTL_API=3 ./etcdctl \
+  --discovery-srv etcd.local \
+  put foo bar

From 5d3a5912eb230631603780d94d5258b5ecf544e1 Mon Sep 17 00:00:00 2001
From: Gyu-Ho Lee <gyuhox@gmail.com>
Date: Thu, 5 Oct 2017 15:14:34 -0700
Subject: [PATCH 4/4] e2e/docker-dns-srv: enable peer, client TLS

Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
---
 Makefile                     |  3 +--
 e2e/docker-dns-srv/Procfile  |  6 +++---
 e2e/docker-dns-srv/etcd.zone | 12 ++++++------
 e2e/docker-dns-srv/run.sh    |  3 +++
 4 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
index 37107daab54..f14db6d3070 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,7 @@ docker-dns-srv-test-build:
 	  --rm \
 	  --dns 127.0.0.1 \
 	  gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION) \
-	  /bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client._tcp.etcd.local && dig +noall +answer SRV _etcd-server._tcp.etcd.local && dig +noall +answer m1.etcd.local m2.etcd.local m3.etcd.local"
+	  /bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client-ssl._tcp.etcd.local && dig +noall +answer SRV _etcd-server-ssl._tcp.etcd.local && dig +noall +answer m1.etcd.local m2.etcd.local m3.etcd.local"
 
 docker-dns-srv-test-push:
 	gcloud docker -- push gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION)
@@ -162,5 +162,4 @@ docker-dns-srv-test-run:
 	  gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION) \
 	  /bin/bash -c "cd /etcd && /run.sh && rm -rf m*.etcd"
 
-# TODO: run DNS/SRV with TLS
 # TODO: add DNS integration tests
diff --git a/e2e/docker-dns-srv/Procfile b/e2e/docker-dns-srv/Procfile
index 2fef5254219..e1b2c411cd3 100644
--- a/e2e/docker-dns-srv/Procfile
+++ b/e2e/docker-dns-srv/Procfile
@@ -1,5 +1,5 @@
-etcd1: ./etcd --name m1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
+etcd1: ./etcd --name m1 --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
 
-etcd2: ./etcd --name m2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
+etcd2: ./etcd --name m2 --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
 
-etcd3: ./etcd --name m3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
+etcd3: ./etcd --name m3 --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
diff --git a/e2e/docker-dns-srv/etcd.zone b/e2e/docker-dns-srv/etcd.zone
index 5e2fe283dfb..e501ed39979 100644
--- a/e2e/docker-dns-srv/etcd.zone
+++ b/e2e/docker-dns-srv/etcd.zone
@@ -8,9 +8,9 @@ etcd.local.	IN	NS	bindhostname.
 m1.etcd.local.	300	IN	A	127.0.0.1
 m2.etcd.local.	300	IN	A	127.0.0.1
 m3.etcd.local.	300	IN	A	127.0.0.1
-_etcd-client._tcp	300	IN	SRV	0 0 2379 m1.etcd.local.
-_etcd-client._tcp	300	IN	SRV	0 0 22379 m2.etcd.local.
-_etcd-client._tcp	300	IN	SRV	0 0 32379 m3.etcd.local.
-_etcd-server._tcp	300	IN	SRV	0 0 2380 m1.etcd.local.
-_etcd-server._tcp	300	IN	SRV	0 0 22380 m2.etcd.local.
-_etcd-server._tcp	300	IN	SRV	0 0 32380 m3.etcd.local.
\ No newline at end of file
+_etcd-client-ssl._tcp	300	IN	SRV	0 0 2379 m1.etcd.local.
+_etcd-client-ssl._tcp	300	IN	SRV	0 0 22379 m2.etcd.local.
+_etcd-client-ssl._tcp	300	IN	SRV	0 0 32379 m3.etcd.local.
+_etcd-server-ssl._tcp	300	IN	SRV	0 0 2380 m1.etcd.local.
+_etcd-server-ssl._tcp	300	IN	SRV	0 0 22380 m2.etcd.local.
+_etcd-server-ssl._tcp	300	IN	SRV	0 0 32380 m3.etcd.local.
\ No newline at end of file
diff --git a/e2e/docker-dns-srv/run.sh b/e2e/docker-dns-srv/run.sh
index 528cf5f86b2..7c7415f8de0 100755
--- a/e2e/docker-dns-srv/run.sh
+++ b/e2e/docker-dns-srv/run.sh
@@ -9,5 +9,8 @@ goreman -f /Procfile start &
 sleep 7s
 
 ETCDCTL_API=3 ./etcdctl \
+  --cacert=/certs/ca.crt \
+  --cert=/certs/server-wildcard.crt \
+  --key=/certs//server-wildcard.key.insecure \
   --discovery-srv etcd.local \
   put foo bar